// SPDX-License-Identifier: GPL-2.0-only
///
/// From Documentation/filesystems/sysfs.txt:
///  show() must not use snprintf() when formatting the value to be
///  returned to user space. If you can guarantee that an overflow
///  will never happen you can use sprintf() otherwise you must use
///  scnprintf().
///
// Confidence: High
// Copyright: (C) 2020 Denis Efremov ISPRAS
// Options: --no-includes --include-headers
//
// Why this matters: snprintf() returns the length the formatted output
// would have had without truncation, which can be larger than the size
// it was given. A show() callback that returns that value reports more
// bytes than were actually stored in buf. scnprintf() returns the number
// of characters really written (excluding the trailing NUL), so the
// returned length never exceeds the buffer.
//
// Scope of the check (read from the patterns below): only functions with
// the exact (struct device *, struct device_attribute *, char *) show()
// signature are matched, and only the direct "return snprintf(...)"
// form. A result stored in a local and returned later, or a show()
// callback with a different signature, is not reported here and needs
// manual review.

// Output modes; the mode selected on the command line decides which of
// the rules below are active.
virtual report
virtual org
virtual context
virtual patch

// Rule r (every mode except patch): find each "return snprintf(...)"
// inside a matching show() function. The '*' marks the line for context
// mode; position p is consumed by the report/org script rules.
@r depends on !patch@
identifier show, dev, attr, buf;
position p;
@@

ssize_t show(struct device *dev, struct device_attribute *attr, char *buf)
{
	<...
*	return snprintf@p(...);
	...>
}

// Rule rp (patch mode): replace the function name only; the argument
// list "(...)" is left untouched. The rewrite always picks scnprintf();
// the sprintf() alternative named in the header applies only where
// overflow is known to be impossible, which this rule does not check.
@rp depends on patch@
identifier show, dev, attr, buf;
@@

ssize_t show(struct device *dev, struct device_attribute *attr, char *buf)
{
	<...
	return
-		snprintf
+		scnprintf
			(...);
	...>
}

// Script rules: emit one warning per position recorded by rule r, in
// report format and in org-mode TODO format respectively.
@script: python depends on report@
p << r.p;
@@

coccilib.report.print_report(p[0], "WARNING: use scnprintf or sprintf")

@script: python depends on org@
p << r.p;
@@

# Same warning as the report rule, emitted as an org-mode TODO entry.
coccilib.org.print_todo(p[0], "WARNING: use scnprintf or sprintf")